Posted on November 4, 2019 5:55 pm
 |  Asked by Jon Nicholson
 |  75 views
0
0
Print Friendly, PDF & Email

I have been experimenting in our test environment with attached-host routes on a vxlan network.

We have are using asymmetric IRB across our vxlan infrastructure as it is (for the moment at least) simple enough for this not to cause us an issue. We want to use attached-host to ensure that the correct pair of leaf switches are used for routing “southbound” traffic. In the production environment there will be 5 pairs of leaf switches which will be routing traffic for the edge vlan. Behind this vlan are ~50 nodes that are connected with MLAG to the pairs of (7060CX) leaf switches.

What we’re seeing in test is that as soon as we enable `ip attached-host route export` in the vlan configuration we only see the ARP for the end devices on one of the MLAG pair. So when this is exported to the Spine switches we only see one host route for the end device.

Is this expected behaviour? I would expect to see a route exported from both switches in the MLAG pair and the spine switches to use ECMPR symantics to load balance between the switches.

It may be that this isn’t significant in the production environment as there will be sufficient nodes for the load to be balanced across the links.

Many thanks,

Jonathan

0
Answered on November 5, 2019 8:57 pm

Hello Jonathan,

As per your requirement for ECMP paths from the spine , the feature would require the ARP entry for the host to be present on both the devices in the MLAG pair for them to generate the host route.There are a few checks that can be performed to understand what you observe :

1. Is the ARP entry for host missing on either of the devices without the host-route injection feature enabled?

If yes, the virtual IP config on the vlan would need to be checked.

2. If ARP entries are present on both leaf switches without the feature enabled ,and it is only with the host-route injection config in place that the entry is not seen on one of them, we could perform the below checks:

i. Are both the leaf switches in MLAG having the same route towards the host and is it via the directly connected vlan?

ii. If not, is the switch where the ARP entry is not present having a BGP route with the next-hop pointing towards the spine switch?

If ii is correct, then it could be the case where the leaf switch A (the one with the ARP entry already in its cache) is injecting the host-route into the spines and the spines advertise it to the other leaf switch B. If we consider the leaf and spines are eBGP neighbours, the interfaces on the spine switch could become the next hop for these host prefixes on leaf device B.

If this is observed, a check on the AD for the BGP route from the spine could help.Considering the AD for this prefix is a value lesser than the one configured in the 'ip attached-host route export' (by default a value of 250),the leaf device B never would advertise the host route as it has the route via eBGP from the spine preferred.

Thanks,
Punit

Post your Answer

You must be logged in to post an answer.